Home/ Questions/Q 7822879
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T08:03:41+00:00

I have a server which has its own cert and a client who is

  • 0

I have a server which has its own cert and a client who is trying to have the server generate a new cert for him (and sign it ofc). The client has given the server his public key and the server is supposed to create a cert and sign it. In PHP, how do I have the server create the cert with only the clients public key? openssl_csr_new seems to want the private key.

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    you can do this with the latest SVN of phpseclib, a pure PHP X.509 parser. eg.

    <?php
include('File/X509.php');
include('Crypt/RSA.php');

$privKey = new Crypt_RSA();
$privKey->loadKey('-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----');

$pubKey = new Crypt_RSA();
$pubKey->loadKey('-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----');
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setPublicKey($pubKey);
$subject->setDNProp('id-at-organizationName', 'whatever');

$issuer = new File_X509();
// load the DN from an existing X.509 cert
$issuer->loadX509('-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----');
$issuer->setPrivateKey($privKey);

$x509 = new File_X509();
$x509->setStartDate('-1 month');
$x509->setEndDate('+1 year');
$x509->setSerialNumber(1);

$result = $x509->sign($issuer, $subject);
echo $x509->saveX509($result);

    You’ll need your private key and the subjects public key. In this example, I’m getting the issuing DN from a X.509 previously signed by with your private key but you might want to call setDN() instead?

    • 0